Conducted 45+ web application penetration tests aligned with OWASP WSTG/MSTG standards, identifying and documenting critical vulnerabilities to strengthen overall security posture.
Monitored and analyzed over 1,200 security events monthly using Wazuh SIEM, EDR, and XDR tools, enabling rapid detection and containment of potential threats.
Integrated SAST and DAST scans into the CI/CD pipeline in collaboration with developers, ensuring vulnerabilities were identified and remediated before production deployment.
Authored tailored incident response playbooks for top-priority threat scenarios, reducing mean time to respond during simulated drills and enhancing operational readiness.
Delivered virtual cybersecurity awareness training sessions to the development team, improving secure coding practices and fostering a culture of security-first development.
Full Stack Developer
Lakeatts Solutions
May 2023 – July 2024 Kisumu, Kenya
Roles And Responsibilities:
Delivered 6 full-stack web applications using Spring Boot for backend services and modern JavaScript frameworks for frontend interfaces, improving system reliability and user experience.
Implemented authentication and authorization features that strengthened application security and safeguarded sensitive user data.
Containerized applications with Docker, streamlining deployments across multiple environments and reducing inconsistencies between development and production.
Developed and deployed KRA TIMS integration to automate tax compliance processes, ensuring regulatory adherence and minimizing manual errors.
Optimized backend performance by designing efficient APIs, improving response times and ensuring scalability for growing user bases.
Bug Bounty Researcher
Bugcrowd
November 2021 – April 2023 Nairobi, Kenya
Roles And Responsibilities:
Conducted 75+ freelance penetration tests across diverse client systems, identifying high-impact vulnerabilities and strengthening security posture through responsible disclosure.
Discovered and reported multiple XSS, SQL injection, and authentication bypass flaws, preventing potential data breaches and unauthorized access.
Authored technical proof-of-concept reports with detailed remediation steps, enabling client teams to resolve vulnerabilities effectively.
Leveraged tools such as Burp Suite, OWASP ZAP, and Nmap to enhance reconnaissance and exploitation accuracy during security assessments.
Shared research insights by contributing to security blogs and forums, building credibility within the penetration testing community.
Software Programmer
Aphicons Solutions Limited
July 2018 – March 2021 Nairobi, Kenya
Roles And Responsibilities:
Designed and deployed a real-time school bus tracking solution using OpenStreetMap API and custom JavaScript logic, providing administrators with live operational data and giving parents greater visibility into student transport.
Built a Point of Sale (POS) system from the ground up with JSP for backend logic and JavaScript for client-side interactivity, enabling accurate real-time sales tracking and streamlined inventory management.
Enhanced a large-scale Hospital Management System by developing new modules in JSP and JavaScript, improving data processing capabilities, and ensuring better patient record management.
Integrated PostgreSQL database features into existing applications, strengthening data integrity and improving query response times for end users.
Partnered virtually with project stakeholders to refine requirements, ensuring delivered features aligned with operational needs and user expectations.
Information Technology Intern
Eagle Africa Insurance Brokers Ltd.
July 2017 – September 2017 Kenya
Roles And Responsibilities:
Assisted in the implementation and configuration of a company-wide Virtual Desktop Infrastructure (VDI), enhancing centralized management and security.
Provided level-1 technical support to end-users, resolving hardware and software issues, which improved internal customer satisfaction and minimized downtime.
Supported the deployment and configuration of Cisco VoIP phones, facilitating seamless internal and external communication for the brokerage team.
Utilized ERP and Microsoft Office 365 suites to perform data integrity checks and assist in generating reports for the administrative staff.